This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrading XG115 from SFOS 18.0.6 MR-6 to SFOS 18.5.1 MR-1: Backup restore not working?

Hey everybody,

I'm trying to upgrade a XG115 appliance from SFOS 18.0.6 to SFOS 18.5.1.

I've created a backup of the config from within the 18.0.6 firmware and downloaded and installed the 18.5.1 release .

All settings were reset to factory defaults, which was to be expected.

However, I'm unable to restore the 18.0.6 backup.

The process simply errors out, complaining that the backup can not be applied to this firmware version.

Can someone give me a hint how exactly one is supposed to upgrade the firmware without losing the configuration?

Thanks in advance,

Dominik



This thread was automatically locked due to age.
Parents
  • I have the same issue.  Went from 17.5.11 to 18.0.6 build655 and now I can't go to 18.5.1 build 326 unless I want to boot factory default.

  • Well, at least I'm not the only one then :-)

    Man, I miss the good, old UTM days....back when men were men, women were women and firmware upgrades were simple firmwareupgrades that went through without a hitch :-)

  • I dont understand. UTM Firmware upgrades are madness compared to this. (Try to do this task on UTM. Have fun downloading 10 Files and be careful which one you use. See UTM download server). 

    Never the less:

    Simply use V18.5 MR2. It will support a upgrade from V18.0 MR6. It will also support a restore of you current version. 

    __________________________________________________________________________________________________________________

  • I don't understand your comment about the UTM upgrades, last time I used a UTM it was one file for all users the installation worked based on your licence, are you saying Sophos has broken the UTM upgrade into many smaller parts?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • See: https://download.astaro.com/#UTM/v9/up2date/

    You need to have the "complete chain" of updates available on the appliance.

    On SFOS, you need one file, it will convert the configuration to the version. So you can upload simply "V18.5 MR2" and it will bring you there from every version.

    On UTM you need to upload all files, from source version to the target version. You can eventually do the "bring me to the latest version" but it will do the same kind of mechanism. Installing each and every update one by one. This was the process for decades. So i cannot understand, how this was in any kind a better process compared to the approach in SFOS. 

    __________________________________________________________________________________________________________________

  • With the UTM there updates were/are in a logical numbered order. Whereas the XG the numbering is not logical, you can't upgrade say v17.5.6 to v17.5.16, you need to go to mr12, then you can't go from mr16 to v18.0.6, voy need to go through v18.0.5 and to get to v18.5.6 you need to got through v18.5.5 or is v18.5.2? V19 EAP can't go from v18.5.2 you have to downgrade to v18.5.1 but v19EAP is supposed to have all the features of v18.5.2 included.

    The above are examples not necessary the correct version or order.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Manual download and manual upload of 18.5.2 worked for me to get past 18.0.6.  Thanks for the idea.  Also for others look here for compatibility (use the "upgrade information" button for best info)

    https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=18.5 

  • I don't understand either...never in almost 20 years did I have to jump though such hoops do apply a simple firmware upgrade to a UTM appliance. Sure, there were quite a few issues with UTM upgrades in the past few years either, but this was mainly caused by Sophos lack of focus, imo.

    Sophos is really doing everything in its power to steer me off their products for good. I mean, we're talking about firmware release 18.5...XG should be a mature product by now.

    It quite simply is not and this was probably the last straw.

Reply
  • I don't understand either...never in almost 20 years did I have to jump though such hoops do apply a simple firmware upgrade to a UTM appliance. Sure, there were quite a few issues with UTM upgrades in the past few years either, but this was mainly caused by Sophos lack of focus, imo.

    Sophos is really doing everything in its power to steer me off their products for good. I mean, we're talking about firmware release 18.5...XG should be a mature product by now.

    It quite simply is not and this was probably the last straw.

Children
  • Simply because you never did the same like on SFOS. 

    The point i am trying to make: Sophos started as a company in EAP (early access program). Back in the days, there were only "soft releases" of the same version, which essentially got released for UTM. So since EAP versions and different channel versions are released, it gets tricky to have one firmware, which supports everything. 

    Just to be sure: You never will run in such issues, if you stay on the "officially released path". You will go from V17.5 to V18.0 to V18.5 without any issue. Simply because you tried to update something, which is not officially released for your current situation, it will not be supported (by the time). But as a customer, you had the option. By the time, you installed MR6, there was V18.5 MR1 also supported. You do not have to go to V18.0 first. 

    What stopped you by using simply "go to latest firmware" available on the product itself? Same like you did on UTM 20 years? 

    __________________________________________________________________________________________________________________

  • My update journey yesterday started out with release 17.5, I couldn't directly upgrade to 18.5 because I was only offered release 18.0 using the builtin update mechanism.

    You're certainly right that this whole thing would have gone a lot smoother if firmware upgrades would have been applied in a timely fashion.

    I'll try the above posted solution and manually upload the 18.5.2 package, we'll see if this does the trick.

  • Yes, because V18.5 MR2 is not officially released via Up2Date. It is still on the soft release. It will come to your appliance via up2date in the upcoming Days. 

    BTW: Why are you still on V17.5? Most attacks occurs due lack of patching. 

    __________________________________________________________________________________________________________________

  • It was one of those "could you take a look at this" situations, I don't have any jurisdition over the appliance in question and from the looks of it, the regular service provider didn't really do a stellar job with keeping everything up to date. :-)

  • Just to be sure: You never will run in such issues, if you stay on the "officially released path". You will go from V17.5 to V18.0 to V18.5 without any issue. Simply because you tried to update something, which is not officially released for your current situation, it will not be supported (by the time). But as a customer, you had the option. By the time, you installed MR6, there was V18.5 MR1 also supported. You do not have to go to V18.0 first. 

    Hi. I don´t unterstand. I have a XG106, running on SFOS 18.0.6 MR-6-Build655. All FW Updates i´ve made was via "Check for new Update". So I´ve updated to SFOS 18.5.1 MR-1-Build326 via "Latest available firmware" on XG. Reboot, facrory settings. Why? I have done the official upgrade path, haven´t i?

  • I was under the impression that the move to 18.5 would always lead to factory default settings?

  • No. 

    Let me rephrase it: 

    The is and will always be a upgrade path from A to B. 

    Sometimes a release is a "blocked" scenario. Means a release like V18.0 MR6 is released after V18.5 MR1. So V18.5 MR1 does not support the version V18.0 MR6, as it "does not know, MR6 exists in the first place". 

    So to workaround this, Sophos will release the next release (V18.5 MR2), which will be the official supported upgrade path: V18.5 MR2 supports all currently released firmware versions. 

    But V18.5 MR2 is currently not being pushed out to every customers via Up2Date (check new firmware). This will be done in stage phases. But you can download the MR2 via MySophos. 

    __________________________________________________________________________________________________________________


  • Sophos releases 18.0 MR5 (Apr 2021)

    You upgrade to 18.0 MR5.

    Sophos releases 18.5 GA (Jun 2021)

    "Check for updates" offered you 18.5 GA, which you did not do.

    Sophos releases 18.5 MR1 (Aug 2021)

    "Check for updates" offered you 18.5 MR1, which you did not do.

    Sophos releases 18.0 MR6 (Sept 2021)


    "Check for updates" offered you 18.0 MR6  which you upgraded to.

    Sophos releases 18.5 MR2
     (Nov 2021)


    Now you want  to upgrade from 18.0 MR6 (released in September) to 18.5 MR1 (Released in August).  But you can't because even though the version number gets bigger you are actually going to an earlier dated release.

    You can however go to 18.5 MR2 released in November because that is a later dated release.

    As far as I know (and I am not 100% sure) both 18.5 GA and 18.5 MR1 appeared in the "Check for updates".  It is a few weeks after the official release dates before they are put in the automatic updates.  As far as I know you would have had to ignore both of those and then choose the 18.0 MR6 update.  Again, I am not 100% sure but I *think* the way it works the XG firmware update page would have shown both 18.5 MR1 and 18.0 MR6 at the same time, and you chose 18.0 MR6.

    So, if you follow the official upgrade path and install as they are offered, you would be fine.  If you skip releases then you can get into a situation where you cannot upgrade to a larger version number that was released at an earlier date.



    Note: There is a similar issue with 19.0 EAP1.  You can only upgrade from 18.5 MR1 to 19.0 EAP1.  If you go to 18.5 MR2 you cannot upgrade to EAP1.

  • Hello, thanks for your response. I have v18.5 MR2 downloaded, how/where do I manually upload it in Sophos XG?

  • Hi,

    you go to the GUI -> backup and firmware -> firmware -> in the firmware field you click on the version with the arrow and follow the instructions.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.